EXPLORE
Sign In
← Back to Explore
T1587.001

Malware

Adversaries may develop malware and malware components that can be used during targeting. Building malicious software can include the development of payloads, droppers, post-compromise tools, backdoors (including backdoored images), packers, C2 protocols, and the creation of infected removable media. Adversaries may develop malware to support their operations, creating a means for maintaining control of remote machines, evading defenses, and executing post-compromise behaviors.(Citation: Mandian...

PRE
9
Detections
3
Sources
22
Threat Actors

BY SOURCE

7sigma1elastic1splunk_escu

PROCEDURES (5)

Process Creation Monitoring4 detections

Auto-extracted: 4 detections for process creation monitoring

Remote2 detections

Auto-extracted: 2 detections for remote

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

File Monitoring1 detections

Auto-extracted: 1 detections for file monitoring

THREAT ACTORS (22)

Aoqin DragonAPT29CleaverContagious InterviewFIN13FIN7Indrik SpiderKe3changKimsukyLazarus GroupLuminousMothMoonstone SleetMoses StaffMustang PandaOilRigPlayRedCurlSalt TyphoonSandworm TeamTeamTNTTurlaUNC3886

DETECTIONS (9)

Cisco Secure Firewall - Possibly Compromised Host
splunk_escu
GenAI Process Compiling or Generating Executables
elasticmedium
Potential Privilege Escalation To LOCAL SYSTEM
sigmahigh
Potential PsExec Remote Execution
sigmahigh
ProxyLogon MSExchange OabVirtualDirectory
sigmacritical
PsExec/PAExec Escalation to LOCAL SYSTEM
sigmahigh
PUA - CsExec Execution
sigmahigh
Uncommon File Created In Office Startup Folder
sigmahigh
VHD Image Download Via Browser
sigmamedium